Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Linux_enterprise_high_availability_extension
(Suse)Repositories | https://github.com/torvalds/linux |
#Vulnerabilities | 26 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2010-09-30 | CVE-2010-2537 | The btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the Linux kernel before 2.6.35 allows local users to overwrite an append-only file via a (1) BTRFS_IOC_CLONE or (2) BTRFS_IOC_CLONE_RANGE ioctl call that specifies this file as a donor. | Ubuntu_linux, Linux_kernel, Linux_enterprise_high_availability_extension, Suse_linux_enterprise_desktop, Suse_linux_enterprise_server | 7.1 | ||
2010-09-30 | CVE-2010-2538 | Integer overflow in the btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the Linux kernel before 2.6.35 might allow local users to obtain sensitive information via a BTRFS_IOC_CLONE_RANGE ioctl call. | Ubuntu_linux, Linux_kernel, Linux_enterprise_desktop, Linux_enterprise_high_availability_extension, Linux_enterprise_server | 5.5 | ||
2010-09-30 | CVE-2010-3079 | kernel/trace/ftrace.c in the Linux kernel before 2.6.35.5, when debugfs is enabled, does not properly handle interaction between mutex possession and llseek operations, which allows local users to cause a denial of service (NULL pointer dereference and outage of all function tracing files) via an lseek call on a file descriptor associated with the set_ftrace_filter file. | Ubuntu_linux, Linux_kernel, Linux_enterprise_desktop, Linux_enterprise_high_availability_extension, Linux_enterprise_server | 5.5 | ||
2011-01-11 | CVE-2010-3865 | Integer overflow in the rds_rdma_pages function in net/rds/rdma.c in the Linux kernel allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a crafted iovec struct in a Reliable Datagram Sockets (RDS) request, which triggers a buffer overflow. | Linux_kernel, Opensuse, Linux_enterprise_high_availability_extension, Linux_enterprise_real_time | N/A | ||
2012-05-17 | CVE-2012-0879 | The I/O implementation for block devices in the Linux kernel before 2.6.33 does not properly handle the CLONE_IO feature, which allows local users to cause a denial of service (I/O instability) by starting multiple processes that share an I/O context. | Ubuntu_linux, Debian_linux, Linux_kernel, Linux_enterprise_desktop, Linux_enterprise_high_availability_extension, Linux_enterprise_server | 5.5 | ||
2012-05-17 | CVE-2012-1097 | The regset (aka register set) feature in the Linux kernel before 3.2.10 does not properly handle the absence of .get and .set methods, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a (1) PTRACE_GETREGSET or (2) PTRACE_SETREGSET ptrace call. | Linux_kernel, Enterprise_linux, Enterprise_mrg, Linux_enterprise_desktop, Linux_enterprise_high_availability_extension, Linux_enterprise_server | 7.8 | ||
2012-05-17 | CVE-2012-1146 | The mem_cgroup_usage_unregister_event function in mm/memcontrol.c in the Linux kernel before 3.2.10 does not properly handle multiple events that are attached to the same eventfd, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by registering memory threshold events. | Fedora, Linux_kernel, Linux_enterprise_desktop, Linux_enterprise_high_availability_extension, Linux_enterprise_server | 5.5 | ||
2018-01-03 | CVE-2017-18017 | The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action. | Eos, Ubuntu_linux, Debian_linux, Arx, Linux_kernel, Cloud_magnum_orchestration, Leap, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_for_real_time, Enterprise_linux_for_real_time_for_nfv, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Mrg_realtime, Caas_platform, Linux_enterprise_debuginfo, Linux_enterprise_desktop, Linux_enterprise_high_availability, Linux_enterprise_high_availability_extension, Linux_enterprise_live_patching, Linux_enterprise_module_for_public_cloud, Linux_enterprise_point_of_sale, Linux_enterprise_real_time_extension, Linux_enterprise_server, Linux_enterprise_software_development_kit, Linux_enterprise_workstation_extension, Openstack_cloud | 9.8 | ||
2014-03-14 | CVE-2014-2323 | SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name, related to request_check_hostname. | Debian_linux, Lighttpd, Opensuse, Linux_enterprise_high_availability_extension, Linux_enterprise_software_development_kit | 9.8 | ||
2014-03-14 | CVE-2014-2324 | Multiple directory traversal vulnerabilities in (1) mod_evhost and (2) mod_simple_vhost in lighttpd before 1.4.35 allow remote attackers to read arbitrary files via a .. (dot dot) in the host name, related to request_check_hostname. | Sv\-Cpt\-Mc310_firmware, Debian_linux, Lighttpd, Opensuse, Linux_enterprise_high_availability_extension, Linux_enterprise_software_development_kit | N/A |